[Freeipa-users] authenticate samba 3 or 4 with freeipa: building ipasam.so on Ubuntu

Jason Woods devel at jasonwoods.me.uk
Fri Mar 28 13:50:08 UTC 2014


Hi
(Apologies - resending to the list - I'm so used to the Reply-To already being set, but it appears not to be here. My bad.)

> On 28 Mar 2014, at 11:32, Petr Spacek <pspacek at redhat.com> wrote:
> 
> Please let us know if it worked for you or not. I'm curious! :-)

I'm pretty curious too.

I have RHEL 6.5 with samba authenticating with IPA using ipasam.so. I needed to add two patches to 3.0, though, to fix 'valid users' group resolution and also performance. They're merged into master and 3.3 and will be in RHEL 7.

Apart from the patching it was easy to do - I just needed ipa-server and ipa-server-adtrust installed and set up, and it did all the config for me (the adtrust part sets up samba with ipasam.so for you).

The problem with running ipasam.so without the ipa-server locally is how to get it so the host can see ipaNTHash in the schema to check the password. If ipa-server is local the host has access, otherwise it doesn't.

So it would be good to find out what ACI or service principal stuff makes that available in an elegant and secure way.

Jason



